Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-1251
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote malicious users to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm...
Sa-exim Sa-exim 4.0
Sa-exim Sa-exim 4.1
Sa-exim Sa-exim 4.2
2.1
CVSSv2
CVE-2017-1000369
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows malicious users to cause arbitrary code execution. This affects exim version 4.89 and previous versions. Pleas...
Exim Exim
Exim Exim 4.88
Exim Exim 4.89
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2017-16943
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote malicious users to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Exim Exim 4.89
Exim Exim 4.88
Debian Debian Linux 9.0
2 Github repositories
5
CVSSv2
CVE-2017-16944
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote malicious users to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the en...
Exim Exim 4.88
Exim Exim 4.89
Debian Debian Linux 9.0
1 EDB exploit
1 Github repository
1 Article
7.5
CVSSv2
CVE-2003-0743
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) prior to 3.36 and Exim 4 (exim4) prior to 4.21 may allow remote malicious users to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newli...
University Of Cambridge Exim 3.15
University Of Cambridge Exim 3.16
University Of Cambridge Exim 3.3.1
University Of Cambridge Exim 3.3.2
University Of Cambridge Exim 3.36
University Of Cambridge Exim 4.10
University Of Cambridge Exim 3.11
University Of Cambridge Exim 3.12
University Of Cambridge Exim 3.19
University Of Cambridge Exim 3.20
University Of Cambridge Exim 3.32
University Of Cambridge Exim 3.33
University Of Cambridge Exim 3.0
University Of Cambridge Exim 3.17
University Of Cambridge Exim 3.18
University Of Cambridge Exim 3.30
University Of Cambridge Exim 3.31
University Of Cambridge Exim 4.20
University Of Cambridge Exim 3.13
University Of Cambridge Exim 3.14
University Of Cambridge Exim 3.21
University Of Cambridge Exim 3.22
7.2
CVSSv2
CVE-2020-8015
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local malicious users to escalate from user mail to root. This issue affects: openSUSE Factory exim versions before 4.93.0.4-3.1.
Exim Exim
7.2
CVSSv2
CVE-2020-28015
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
Exim Exim
7.5
CVSSv2
CVE-2020-28020
Exim 4 prior to 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
Exim Exim
6.3
CVSSv2
CVE-2021-27216
Exim 4 prior to 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
Exim Exim
6.9
CVSSv2
CVE-2016-1531
Exim prior to 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
Exim Exim
3 EDB exploits
6 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »